Processed: Re: Bug#569808: Empathy does not respect settings of remote desktop prefernces in gnome

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

 severity 569808 important
Bug #569808 [empathy] empathy does not respect settings of remote desktop 
prefernces in gnome
Severity set to 'important' from 'grave'

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/handler.s.c.126623227315720.transcr...@bugs.debian.org

Bug#569808: Empathy does not respect settings of remote desktop prefernces in gnome

[Philipp Kern]

severity 569808 important
thanks

On Sun, Feb 14, 2010 at 07:20:40PM +0100, kutio wrote:
 I think it's not a security problem, let me explain. If a user removes
 all access in gnome preferences and wants to share his desktop with a
 friend. He has to change all access in gnome-preferences, and after
 launch share my desktop, and when it's finish rechange gnome
 preferences and it's not really convenient. At the moment share my
 desktop doesn't care about gnome preferences, because if a user take
 the decision to share his desktop just for the session, it's his
 decision and gnome-preferences doesn't have to interfere. This
 solution is more convenient because if a user wants to share his
 desktop he doesn't need to change gnome-preferences, the feature does
 it for him and doesn't affect gnome-preferences in the future.

So possibly empathy should offer an option to only share the desktop
read-only instead of read-write?

I don't think it warrants grave though, especially if the sharing is
not done automatically on call but rather on request.  If the latter's
the case, feel free to reupgrade the bug.

Kind regards,
Philipp Kern



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100215111044.ga12...@kelgar.0x539.de

Bug#569808: empathy does not respect settings of remote desktop prefernces in gnome

[Oz N]

Package: empathy
Version: 2.28.2-3
Severity: grave
Tags: security
Justification: user security hole

Hello, 

I would like to use the feature of remote desktop sharing via the
empathy. However, allowing this via empathy enables the user on the
other side to control my mouse and keyboard. This despite the fact that
under the gnome-settings I only chose to enable only the desktop for
viewing. 
Ofcourse, I could share my desktop through gnome, and then initiate the
empathty call, but then what's the point of having this feature in
empathy, if it does not respect my preferences ?
I file this as a security issue, because I think users on the other side
should not have access to my desktop unless I enabled it specifically.
If I had a sudo session in the last moments before sharing the desktop,
it means that they inherit my root permission and can cause damage,
intentionally or not. 
If you don't think it's a security issue, feel free downgrading this
but. Also, I'm almost sure this is GNOME issue, and not Debian, but I
prefer reporting it here.

Regards, 
Oz 


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages empathy depends on:
ii  dbus-x11 1.2.20-2simple interprocess messaging syst
ii  libatk1.0-0  1.28.0-1The ATK accessibility toolkit
ii  libbonobo2-0 2.24.2-1Bonobo CORBA interfaces library
ii  libc62.10.2-2GNU C Library: Shared libraries
ii  libcairo21.8.8-2 The Cairo 2D vector graphics libra
ii  libchamplain-0.4-0   0.4.3-1 C library providing ClutterActor t
ii  libchamplain-gtk-0.4-0   0.4.3-1 A Gtk+ widget to display maps
ii  libclutter-1.0-0 1.0.8-1 Open GL based interactive canvas l
ii  libclutter-gtk-0.10-00.10.2-1Open GL based interactive canvas l
ii  libdbus-1-3  1.2.20-2simple interprocess messaging syst
ii  libdbus-glib-1-2 0.84-1  simple interprocess messaging syst
ii  libebook1.2-92.28.2-1Client library for evolution addre
ii  libedataserver1.2-11 2.28.2-1Utility library for evolution data
ii  libempathy-gtk28 2.28.2-3High-level library and user-interf
ii  libempathy30 2.28.2-3High-level library and user-interf
ii  libfontconfig1   2.8.0-2 generic font configuration library
ii  libfreetype6 2.3.11-1FreeType 2 font engine, shared lib
ii  libgconf2-4  2.28.0-1GNOME configuration database syste
ii  libgl1-mesa-glx [libgl1] 7.6.1-1 A free implementation of the OpenG
ii  libglib2.0-0 2.22.4-1The GLib library of C routines
ii  libgnome-keyring02.28.2-1GNOME keyring services library
ii  libgstfarsight0.10-0 0.0.17-2Audio/Video communications framewo
ii  libgstreamer0.10-0   0.10.25-4+b1Core GStreamer libraries and eleme
ii  libgtk2.0-0  2.18.6-1The GTK+ graphical user interface 
ii  libnotify1 [libnotify1-g 0.4.5-1 sends desktop notifications to a n
ii  liborbit21:2.14.17-2 libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-01.26.2-1Layout and rendering of internatio
ii  libsoup2.4-1 2.29.6-1an HTTP library implementation in 
ii  libtelepathy-farsight0   0.0.13-1Glue library between telepathy and
ii  libtelepathy-glib0   0.10.0-1Telepathy framework - GLib library
ii  libunique-1.0-0  1.1.6-1 Library for writing single instanc
ii  libwebkit-1.0-2  1.1.17-2Web content engine library for Gtk
ii  libx11-6 2:1.3.3-1   X11 client-side library
ii  libxcomposite1   1:0.4.1-1   X11 Composite extension library
ii  libxdamage1  1:1.1.2-1   X11 damaged region extension libra
ii  libxext6 2:1.1.1-2   X11 miscellaneous extension librar
ii  libxfixes3   1:4.0.4-1   X11 miscellaneous 'fixes' extensio
ii  libxml2  2.7.6.dfsg-2+b1 GNOME XML library

Versions of packages empathy recommends:
ii  empathy-doc   2.28.2-3   High-level library and user-interf
ii  gvfs-backends 1.4.3-1userspace virtual filesystem - bac
ii  telepathy-gabble  0.8.9-1Jabber/XMPP connection manager
ii  telepathy-salut   0.3.10-1   Link-local XMPP connection manager

Versions of packages empathy suggests:
pn  telepathy-butterfly   none (no description available)
pn  telepathy-hazenone (no description available)
ii  vino  2.28.1-2.1 VNC server for GNOME

Bug#569808: Empathy does not respect settings of remote desktop prefernces in gnome

[kutio]

Hello Oz,

I think it's not a security problem, let me explain. If a user removes
all access in gnome preferences and wants to share his desktop with a
friend. He has to change all access in gnome-preferences, and after
launch share my desktop, and when it's finish rechange gnome
preferences and it's not really convenient. At the moment share my
desktop doesn't care about gnome preferences, because if a user take
the decision to share his desktop just for the session, it's his
decision and gnome-preferences doesn't have to interfere. This
solution is more convenient because if a user wants to share his
desktop he doesn't need to change gnome-preferences, the feature does
it for him and doesn't affect gnome-preferences in the future.

As regards



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/23e336b01002141020h69ea6a7vce0fdeaae049b...@mail.gmail.com